cybersex /cybercrime

Sex Site Billing Companies Targeted By Russian Cybercrime
Companies that specialize in handling billing for the adult web site industry are increasingly the targets of cybercrooks looking to turn purloined credit card numbers into cash. Executives point the finger at hi-tech crooks in former Eastern Block nations.
By Kevin Poulsen
March 13, 2000 12:00 AM PST

When Barbara Plourd found a mysterious $79.97 charge on her American Express bill last week, she didn't think much of it. The president of a management consulting firm in Los Angeles, Plourd is also an ardent e-consumer who routinely spends thousands of dollars on the Internet. So as she phoned the company that issued the charge, S&N Productions, she fully expected to be reminded of some book or piece of software she'd bought online from them on January 28th.

"When they said, this is for an adult web site, I just about fell out of my chair," Plourd recalls.

Doing business as Membership Plus, S&N Productions is one of a handful of companies that have carved out an e-commerce niche in performing credit card billing for membership based web sites - usually sites offering adult content. With names like Ibill and CCBill, these Internet billing companies run charges through their own bank merchant accounts, keeping a percentage of each charge and passing the rest to their clients via check or electronic funds transfer.

The biggest selling point for Internet billing companies is the ease with which an adult web site entrepreneur can begin processing credit cards -- the alternative, establishing a bank merchant account, can be an arduous and expensive process. But that same ease, and the quick translation from credit cards to cash, make the companies an attractive target for scam artists with stolen credit card numbers.

According to a Membership Plus spokesperson, Barbara Plourd had been billed for a one year membership to a particular adult web site, which established an account with the company in January, and had been accepting their payments via wire transfer to a bank account in Russia. (The web site operator did not return phone calls seeking comment.)
'We will actually not accept clients from certain countries.'
-- Doug Wicks, CCBill
"Anybody can set up an account with us, then just sit there at their computer typing in names and addresses and credit card numbers," says Steve, a Membership Plus executive who declined to give his last name for fear of reprisal. "We're usually pretty good at catching it."

In this case, the account had been closed since February 6th, when Membership Plus noticed a number of transactions originating from the same IP address in Russia and immediately terminated the account. In all, they've received little over a dozen complaints.

Red Flagged

Doug Wicks, Project Manager at competing Internet billing company CCBill, says Russian account applications get special scrutiny from his company, which he claims has never been defrauded. "A red flag pops up, because there's a trend where we're seeing higher fraud transactions coming from Eastern Block countries," says Wicks. "It doesn't mean you say no to Russia," Wicks adds, "but we will actually not accept clients from certain countries."

In recent months, computer intruders have raised an uproar by raiding e-commerce sites and pilfering credit card data. In December a computer intruder calling himself "Maxus" set up a web site to distribute credit card numbers, names and addresses he'd purloined from CD Universe, after the music e-tailer declined to pay $100,000 in extortion money.

Another cyberpunk named "Curador" has siphoned credit card numbers from eight online businesses since January, and posted them publicly, while taunting police.

Exactly how the credit card numbers were obtained in this case is unclear, but the web site hosting firm Web2010 is conducting a security review after learning that some or all of the victim card owners may also have been their clients. "We've currently got an internal investigation going to see if there's been a breach," says company vice president Jim Shaver.

Consumers are generally liable for only $50.00 of fraudulent credit card use, and many banks waive even that amount. In Barbara Plourd's case, Membership Plus promptly refunded the $79.97 charge, leaving the company holding the bag for the fraud, but keeping a good e-commerce customer happy.

"Everybody was great from the beginning to the end," says Plourd, who, if anything, is more confident than ever about Internet shopping. "I'm just waiting for my replacement card. I've had a great experience."